@mulanjs/mulanjs 1.0.1-dev.20260212152134 → 1.0.1-dev.20260218164416

package/README.md

@@ -16,7 +16,7 @@ MulanJS is a high-performance, next-generation web framework designed to bridge
 > Coming soon!
 
 ### Development Release (Latest)
-To install the latest development version of MulanJS:
+To install the latest development version of MulanJS (e.g., `1.0.1-dev.20260218163106`):
 
 ```bash
 npm install @mulanjs/mulanjs@dev

package/dist/mulan.esm.js

@@ -1617,6 +1617,11 @@ __webpack_require__.r(__webpack_exports__);
 /* harmony export */   Security: () => (/* binding */ Security)
 /* harmony export */ });
 class Security {
+    /**
+     * IRON FORTRESS PROTOCOL
+     * Strictly escapes all HTML entities to prevent XSS.
+     * Use `mu-raw` attribute in templates to bypass this for trusted content.
+     */
     static sanitize(input) {
         // 1. Basic entity encoding
         let secure = input

package/dist/mulan.js

@@ -126,7 +126,7 @@ eval("{__webpack_require__.r(__webpack_exports__);\n/* harmony export */ __webpa
   \***********************************/
 (__unused_webpack_module, __webpack_exports__, __webpack_require__) {
 
-eval("{__webpack_require__.r(__webpack_exports__);\n/* harmony export */ __webpack_require__.d(__webpack_exports__, {\n/* harmony export */   Security: () => (/* binding */ Security)\n/* harmony export */ });\nclass Security {\n    static sanitize(input) {\n        // 1. Basic entity encoding\n        let secure = input\n            .replace(/&/g, \"&amp;\")\n            .replace(/</g, \"&lt;\")\n            .replace(/>/g, \"&gt;\")\n            .replace(/\"/g, \"&quot;\")\n            .replace(/'/g, \"&#039;\");\n        // 2. Remove dangerous events (extra layer if encoding fails)\n        const dangerousEvents = ['onload', 'onclick', 'onerror', 'onmouseover', 'onfocus'];\n        dangerousEvents.forEach(event => {\n            const regex = new RegExp(event, 'gi');\n            secure = secure.replace(regex, 'data-blocked-' + event);\n        });\n        return secure;\n    }\n    /**\n     * Generates a strict Content Security Policy header value.\n     * @param options Configuration for allowed sources\n     */\n    static generateCSP(options = {}) {\n        const scriptSrc = [\"'self'\", ...(options.scriptSrc || [])].join(\" \");\n        const styleSrc = [\"'self'\", \"'unsafe-inline'\", ...(options.styleSrc || [])].join(\" \");\n        return `default-src 'self'; script-src ${scriptSrc}; style-src ${styleSrc}; object-src 'none'; base-uri 'self';`;\n    }\n    static validateUrl(url) {\n        // Basic URL validation\n        const pattern = new RegExp('^(https?:\\\\/\\\\/)?' + // protocol\n            '((([a-z\\\\d]([a-z\\\\d-]*[a-z\\\\d])*)\\\\.)+[a-z]{2,}|' + // domain name\n            '((\\\\d{1,3}\\\\.){3}\\\\d{1,3}))' + // OR ip (v4) address\n            '(\\\\:\\\\d+)?(\\\\/[-a-z\\\\d%_.~+]*)*' + // port and path\n            '(\\\\?[;&a-z\\\\d%_.~+=-]*)?' + // query string\n            '(\\\\#[-a-z\\\\d_]*)?$', 'i'); // fragment locator\n        return !!pattern.test(url);\n    }\n    /**\n     * Prevents XSS by sanitizing common input fields on blur.\n     * Can be used as a utility in forms.\n     */\n    static preventXSS(inputElement) {\n        inputElement.addEventListener('blur', (e) => {\n            const target = e.target;\n            target.value = Security.sanitize(target.value);\n        });\n    }\n}\n\n\n//# sourceURL=webpack://Mulan/./src/security/sanitizer.ts?\n}");
+eval("{__webpack_require__.r(__webpack_exports__);\n/* harmony export */ __webpack_require__.d(__webpack_exports__, {\n/* harmony export */   Security: () => (/* binding */ Security)\n/* harmony export */ });\nclass Security {\n    /**\n     * IRON FORTRESS PROTOCOL\n     * Strictly escapes all HTML entities to prevent XSS.\n     * Use `mu-raw` attribute in templates to bypass this for trusted content.\n     */\n    static sanitize(input) {\n        // 1. Basic entity encoding\n        let secure = input\n            .replace(/&/g, \"&amp;\")\n            .replace(/</g, \"&lt;\")\n            .replace(/>/g, \"&gt;\")\n            .replace(/\"/g, \"&quot;\")\n            .replace(/'/g, \"&#039;\");\n        // 2. Remove dangerous events (extra layer if encoding fails)\n        const dangerousEvents = ['onload', 'onclick', 'onerror', 'onmouseover', 'onfocus'];\n        dangerousEvents.forEach(event => {\n            const regex = new RegExp(event, 'gi');\n            secure = secure.replace(regex, 'data-blocked-' + event);\n        });\n        return secure;\n    }\n    /**\n     * Generates a strict Content Security Policy header value.\n     * @param options Configuration for allowed sources\n     */\n    static generateCSP(options = {}) {\n        const scriptSrc = [\"'self'\", ...(options.scriptSrc || [])].join(\" \");\n        const styleSrc = [\"'self'\", \"'unsafe-inline'\", ...(options.styleSrc || [])].join(\" \");\n        return `default-src 'self'; script-src ${scriptSrc}; style-src ${styleSrc}; object-src 'none'; base-uri 'self';`;\n    }\n    static validateUrl(url) {\n        // Basic URL validation\n        const pattern = new RegExp('^(https?:\\\\/\\\\/)?' + // protocol\n            '((([a-z\\\\d]([a-z\\\\d-]*[a-z\\\\d])*)\\\\.)+[a-z]{2,}|' + // domain name\n            '((\\\\d{1,3}\\\\.){3}\\\\d{1,3}))' + // OR ip (v4) address\n            '(\\\\:\\\\d+)?(\\\\/[-a-z\\\\d%_.~+]*)*' + // port and path\n            '(\\\\?[;&a-z\\\\d%_.~+=-]*)?' + // query string\n            '(\\\\#[-a-z\\\\d_]*)?$', 'i'); // fragment locator\n        return !!pattern.test(url);\n    }\n    /**\n     * Prevents XSS by sanitizing common input fields on blur.\n     * Can be used as a utility in forms.\n     */\n    static preventXSS(inputElement) {\n        inputElement.addEventListener('blur', (e) => {\n            const target = e.target;\n            target.value = Security.sanitize(target.value);\n        });\n    }\n}\n\n\n//# sourceURL=webpack://Mulan/./src/security/sanitizer.ts?\n}");
 
 /***/ },
 

package/dist/security/sanitizer.js

@@ -1,4 +1,9 @@
 export class Security {
+    /**
+     * IRON FORTRESS PROTOCOL
+     * Strictly escapes all HTML entities to prevent XSS.
+     * Use `mu-raw` attribute in templates to bypass this for trusted content.
+     */
     static sanitize(input) {
         // 1. Basic entity encoding
         let secure = input

package/dist/types/security/sanitizer.d.ts

@@ -1,4 +1,9 @@
 export declare class Security {
+    /**
+     * IRON FORTRESS PROTOCOL
+     * Strictly escapes all HTML entities to prevent XSS.
+     * Use `mu-raw` attribute in templates to bypass this for trusted content.
+     */
     static sanitize(input: string): string;
     /**
      * Generates a strict Content Security Policy header value.

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@mulanjs/mulanjs",
-    "version": "1.0.1-dev.20260212152134",
+    "version": "1.0.1-dev.20260218164416",
     "description": "A powerful, secure, and enterprise-grade JavaScript framework.",
     "main": "dist/mulan.js",
     "module": "dist/mulan.esm.js",

package/src/cli/index.js

@@ -120,7 +120,9 @@ program
         name: projectName,
         version: "1.0.0",
         description: "Powered by MulanJS",
-        dependencies: {},
+        dependencies: {
+          "@mulanjs/mulanjs": "^1.0.0"
+        },
         devDependencies: {
           "webpack": "^5.104.1",
           "webpack-cli": "^6.0.1",